misp-circl-feed/feeds/circl/misp/1cccd5d8-5d52-4610-b8b7-7bbebd0d6d7b.json

2024-12-27 11:52:46 +01:00
{
"Event": {
"analysis": "2",
"date": "2024-09-26",
"extends_uuid": "",
"info": "OSINT - Unraveling SloppyLemming\u2019s Operations Across South Asia",
"publish_timestamp": "1727342024",
"published": true,
"threat_level_id": "3",
"timestamp": "1727339046",
"uuid": "1cccd5d8-5d52-4610-b8b7-7bbebd0d6d7b",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:threat-actor=\"SloppyLemming\"",
"relationship_type": "attributed-to"
},
{
"colour": "#ba5c0b",
"local": false,
"name": "misp-galaxy:country=\"sri lanka\"",
"relationship_type": "targets"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:country=\"pakistan\"",
"relationship_type": "targets"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:country=\"bangladesh\"",
"relationship_type": "targets"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:country=\"china\"",
"relationship_type": "targets"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:sector=\"Police - Law enforcement\"",
"relationship_type": "targets"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:sector=\"Energy\"",
"relationship_type": "targets"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:sector=\"Telecoms\"",
"relationship_type": "targets"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:sector=\"Technology\"",
"relationship_type": "targets"
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Report object to describe a report along with its metadata.",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "8",
"timestamp": "1727339046",
"uuid": "9c30da9f-1d33-4109-a521-6c3ff8a933b6",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1727339046",
"to_ids": false,
"type": "link",
"uuid": "5e4cd5f4-3f35-4cc5-abb6-be0069582d44",
"value": "https://blog.cloudflare.com/unraveling-sloppylemming-operations/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1727339046",
"to_ids": false,
"type": "text",
"uuid": "8c625f1f-97e8-4bec-a802-eeba2be84c83",
"value": "Cloudforce One is publishing the results of an investigation into an advanced actor that uses multiple cloud service providers to facilitate different aspects of their activities, such as credential harvesting, malware delivery and command and control (C2). This actor conducts extensive operations targeting Pakistan, Sri Lanka, Bangladesh, and China. Industries targeted include government, law enforcement, energy, telecommunications, and technology entities. \r\nExecutive Summary\r\n\r\n Between late 2022 to present, SloppyLemming has routinely used Cloudflare Workers likely as part of a broad espionage campaign targeting South and East Asian countries\r\n\r\n SloppyLemming displays a lack of operational security (OPSEC) allowing Cloudforce One insight into its tooling \r\n\r\n The actor primarily targets Pakistani government, defense, telecommunications, technology, and energy sector organizations; SloppyLemming also targets Bangladesh, Sri Lanka, Nepal, and China."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1727339046",
"to_ids": false,
"type": "text",
"uuid": "f563152e-cfb0-46e5-b77b-b9c3f6bbb861",
"value": "Blog"
},
{
"category": "External analysis",
"comment": "",
"data": "UEsDBBQAAAAAANJSOlkbNMlGDAsAAAwLAAApAAAAMjAyNC0wOS0yNlQxMDoyMjozNi4yMjg0ODYvMC5jb29raWVzLmpzb25beyJuYW1lIjogIl9fY2ZfYm0iLCAidmFsdWUiOiAiTkFvRnd6QmhfaG5ROVNwejh0YkVWNkZzeHN5X3VaSzdjQXBWS3NwTl9SZy0xNzI3MzM4ODc3LTEuMC4xLjEtSG9kckRrZFpCeWYua0M4WGE4N0VYd1h5enlTSXI2b1NrcjNIQm43bW95TEJFN1VHdGszVldfX2NWd0tieGNqQTlqc2FxYlpGdzZPRW1Kd1k3dGNJTEEiLCAiZG9tYWluIjogIi5ibG9nLmNsb3VkZmxhcmUuY29tIiwgInBhdGgiOiAiLyIsICJleHBpcmVzIjogMTcyNzM0MDY3Ny4xMTUyNDUsICJodHRwT25seSI6IHRydWUsICJzZWN1cmUiOiB0cnVlLCAic2FtZVNpdGUiOiAiTm9uZSJ9LCB7Im5hbWUiOiAiX19jZl9ibSIsICJ2YWx1ZSI6ICJSb2VkV2J3ajcwSDNxVTBiV2wwRlo2MU1RVUdNcDdxalhQNExaSXJ5UU5FLTE3MjczMzg4NzctMS4wLjEuMS05MVRSd1Q5a3BrdUtkTk1fMmRvck1rLi5WNG11OTgzZEtHWlFSUjVlUmxtRjU3MHptSXRuZGJxRzhjdzZoLndpMFc5Q1Ftb1B1bnZYZWplNUlFQzYzVXVITEtBZF94YlplV0U1X2lSVlBlUSIsICJkb21haW4iOiAiLnd3dy5jbG91ZGZsYXJlLmNvbSIsICJwYXRoIjogIi8iLCAiZXhwaXJlcyI6IDE3MjczNDA2NzcuNDE0NzA4LCAiaHR0cE9ubHkiOiB0cnVlLCAic2VjdXJlIjogdHJ1ZSwgInNhbWVTaXRlIjogIk5vbmUifSwgeyJuYW1lIjogImNmenNfZ29vZ2xlLWFuYWx5dGljc192NCIsICJ2YWx1ZSI6ICIlN0IlMjJuemNyX3BhZ2V2aWV3Q291bnRlciUyMiUzQSU3QiUyMnYlMjIlM0ElMjIxJTIyJTdEJTdEIiwgImRvbWFpbiI6ICIuY2xvdWRmbGFyZS5jb20iLCAicGF0aCI6ICIvIiwgImV4cGlyZXMiOiAtMSwgImh0dHBPbmx5IjogdHJ1ZSwgInNlY3VyZSI6IHRydWUsICJzYW1lU2l0ZSI6ICJMYXgifSwgeyJuYW1lIjogImNmel9nb29nbGUtYW5hbHl0aWNzX3Y0IiwgInZhbHVlIjogIiU3QiUyMm56Y3JfZW5nYWdlbWVudER1cmF0aW9uJTIyJTNBJTdCJTIydiUyMiUzQSUyMjAlMjIlMkMlMjJlJTIyJTNBMTc1ODg3NDg3NzY0MiU3RCUyQyUyMm56Y3JfZW5nYWdlbWVudFN0YXJ0JTIyJTNBJTdCJTIydiUyMiUzQSUyMjE3MjczMzg4Nzc2NDIlMjIlMkMlMjJlJTIyJTNBMTc1ODg3NDg3NzY0MiU3RCUyQyUyMm56Y3JfY291bnRlciUyMiUzQSU3QiUyMnYlMjIlM0ElMjIxJTIyJTJDJTIyZSUyMiUzQTE3NTg4NzQ4Nzc2NDIlN0QlMkMlMjJuemNyX2dhNHNpZCUyMiUzQSU3QiUyMnYlMjIlM0ElMjI3NzU0NzM0NCUyMiUyQyUyMmUlMjIlM0ExNzI3MzQwNjc3NjQyJTdEJTJDJTIybnpjcl9zZXNzaW9uX2NvdW50ZXIlMjIlM0ElN0IlMjJ2JTIyJTNBJTIyMSUyMiUyQyUyMmUlMjIlM0ExNzU4ODc0ODc3NjQyJTdEJTJDJTIybnpjcl9nYTQlMjIlM0ElN0IlMjJ2JTIyJTNBJTIyNGExOWNmZGQtNWVlZC00NzVlLWJmODMtYjAzYjQwZTcyYjRmJTIyJTJDJTIyZSUyMiUzQTE3NTg4NzQ4Nzc
2NDIlN0QlMkMlMjJuemNyX196X2dhX2F1ZGllbmNlcyUyMiUzQSU3QiUyMnYlMjIlM0ElMjI0YTE5Y2ZkZC01ZWVkLTQ3NWUtYmY4My1iMDNiNDBlNzJiNGYlMjIlMkMlMjJlJTIyJTNBMTc1ODg3NDg3NzY0MiU3RCUyQyUyMm56Y3JfbGV0JTIyJTNBJTdCJTIydiUyMiUzQSUyMjE3MjczMzg4Nzc2NDIlMjIlMkMlMjJlJTIyJTNBMTc1ODg3NDg3NzY0MiU3RCU3RCIsICJkb21haW4iOiAiLmNsb3VkZmxhcmUuY29tIiwgInBhdGgiOiAiLyIsICJleHBpcmVzIjogMTc1ODg3NDg3OC42MDY1NzcsICJodHRwT25seSI6IHRydWUsICJzZWN1cmUiOiB0cnVlLCAic2FtZVNpdGUiOiAiTGF4In0sIHsibmFtZSI6ICJfX2NmX2JtIiwgInZhbHVlIjogImFKWklyd3VrWDU5SDBRdm9NWERqdTM1QmloNjYwUEZpcDFESndfdG5OS0UtMTcyNzMzODg3Ny0xLjAuMS4xLXFZVllsUERxV3EwdWxXdWk4a2t6Mm84T0RFUlBydFBPa0JXaXdQcmE2ek90SDBSQjVCVmJ0RzZ1czc5NjdqQjdTbkpXaW14LnRMRG5tamt4d2g4aTdRIiwgImRvbWFpbiI6ICIucmFkYXIuY2xvdWRmbGFyZS5jb20iLCAicGF0aCI6ICIvIiwgImV4cGlyZXMiOiAxNzI3MzQwNjc3Ljg2NTg2NywgImh0dHBPbmx5IjogdHJ1ZSwgInNlY3VyZSI6IHRydWUsICJzYW1lU2l0ZSI6ICJOb25lIn0sIHsibmFtZSI6ICJfbWt0b190cmsiLCAidmFsdWUiOiAiaWQ6NzEzLVhTQy05MTgmdG9rZW46X21jaC1jbG91ZGZsYXJlLmNvbS0xNzI3MzM4ODc3ODM4LTg2MjAwIiwgImRvbWFpbiI6ICIuY2xvdWRmbGFyZS5jb20iLCAicGF0aCI6ICIvIiwgImV4cGlyZXMiOiAxNzYxODk4ODc4LjYxMzYwOSwgImh0dHBPbmx5IjogZmFsc2UsICJzZWN1cmUiOiBmYWxzZSwgInNhbWVTaXRlIjogIkxheCJ9LCB7Im5hbWUiOiAiT3B0YW5vbkNvbnNlbnQiLCAidmFsdWUiOiAiaXNHcGNFbmFibGVkPTAmZGF0ZXN0YW1wPVRodStTZXArMjYrMjAyNCswOCUzQTIxJTNBMTcrR01UJTJCMDAwMCsoQ29vcmRpbmF0ZWQrVW5pdmVyc2FsK1RpbWUpJnZlcnNpb249MjAyNDA3LjIuMCZicm93c2VyR3BjRmxhZz0wJmlzSUFCR2xvYmFsPWZhbHNlJmhvc3RzPSZjb25zZW50SWQ9ZjFhMjlmNDgtN2Y5ZC00YTM2LWI4NWItMzQ0Y2QzODVjZGIwJmludGVyYWN0aW9uQ291bnQ9MCZpc0Fub25Vc2VyPTEmbGFuZGluZ1BhdGg9aHR0cHMlM0ElMkYlMkZibG9nLmNsb3VkZmxhcmUuY29tJTJGdW5yYXZlbGluZy1zbG9wcHlsZW1taW5nLW9wZXJhdGlvbnMlMkYmZ3JvdXBzPUMwMDAxJTNBMSUyQ0MwMDAzJTNBMCUyQ0MwMDAyJTNBMCUyQ0MwMDA0JTNBMCIsICJkb21haW4iOiAiLmNsb3VkZmxhcmUuY29tIiwgInBhdGgiOiAiLyIsICJleHBpcmVzIjogMTc1ODg3NDg3NywgImh0dHBPbmx5IjogZmFsc2UsICJzZWN1cmUiOiBmYWxzZSwgInNhbWVTaXRlIjogIkxheCJ9XVBLAwQUAAAAAADSUjpZ0yeMztQcFQDUHBUAIwAAADIwMjQtMDktMjZUMTA6MjI6MzYuMjI4NDg2LzAuaGFyLmd6H4sICMwZ9WYC/zAuaGFyAOy9iWPbNrI4/K+w2X2
t9CpRJHXL6+Y5vuI2iV1bSdocnwqSkMSYIhWSsqyk/t+/mQF4irJlJ32bt7/uNolI4hgAgzmAOT4/cv3Jo4
"deleted": false,
"disable_correlation": false,
"object_relation": "report-file",
"timestamp": "1727339046",
"to_ids": false,
"type": "attachment",
"uuid": "2160c313-59a5-4e80-9d4a-33535f198e2f",
"value": "capture.zip"
}
]
},
{
"comment": "First, SloppyLemming operators will craft a phishing email that is likely tailor-made for the target to ensure a higher degree of success in the user clicking a malicious link. An example draft phishing email obtained by Cloudforce One",
"deleted": false,
"description": "Email object describing an email with meta-information",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "19",
"timestamp": "1727333042",
"uuid": "7379cb86-69b9-49f1-9af4-1fc9937bc6ea",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "email-body",
"timestamp": "1727333042",
"to_ids": false,
"type": "email-body",
"uuid": "665f4a6c-b2eb-4eff-a7c7-931da076764d",
"value": "Dear [Officer\u2019s Name],\r\n\r\nAs part of our ongoing efforts to enhance the security of our internal systems, we are rolling out a mandatory update to our secure access protocols. All personnel are required to complete this update within the next 24 hours to ensure continued access to department resources.\r\n\r\nPlease log in to the police department\u2019s IT portal using the link below to initiate the update process:\r\n\r\n[Fake IT Portal Link]\r\n\r\nFailure to complete this update will result in the temporary suspension of your account access.\r\n\r\nThank you for your cooperation.\r\n\r\nBest regards,\r\nIT Department\r\n[Police Department\u2019s Name]"
}
]
},
{
"comment": "SloppyLemming operators will then send malicious emails to their intended targets, and upon receiving login credentials for a compromised account, the actor will then collect emails of interest from the victim. Cloudforce One obtained a copy of a likely actor-side script that allows for the collection of emails from a given account. Portions of this script are detailed below.",
"deleted": false,
"description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.",
"meta-category": "misc",
"name": "script",
"template_uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2",
"template_version": "7",
"timestamp": "1727333989",
"uuid": "8648ab5f-0d70-4f2e-85ae-6e7fad3d15e4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "script",
"timestamp": "1727333989",
"to_ids": false,
"type": "text",
"uuid": "7b06fa6a-4c3e-4bc3-85ed-9bbdc314521e",
"value": "# Enter password\r\npassword_input = driver.find_element(By.ID, \"password\")\r\npassword_input.send_keys(password)\r\n\r\n# Click the login button\r\npassword_input.send_keys(Keys.RETURN)\r\n...\r\n# Navigate to the Inbox\r\ninbox_link = driver.find_element(By.CSS_SELECTOR, 'a[href=\"#zv__main_page__main_Mail\"]')\r\ninbox_link.click()\r\n...\r\n# Iterate through each email in the inbox\r\nemails = driver.find_elements(By.CSS_SELECTOR, 'div[class=\"zA zE\"]')\r\n\r\nfor email in emails:\r\n # Click on the email\r\n email.click()\r\n...\r\n # Search for attachments and click on download links\r\n attachments = driver.find_elements(By.CSS_SELECTOR, 'a.AttLink[id^=\"zv__CLV__main_MSGC\"][title=\"Download\"]')\r\n \r\n for attachment in attachments:\r\n attachment.click()\r\n...\r\n # Go back to the Inbox\r\n driver.execute_script(\"window.history.go(-1)\")\r\n...\r\n# Get the subject of the first email\r\nfirst_email_subject = driver.find_element_by_css_selector('.zA span.bqe').text\r\nprint(\"Subject of the first email:\", first_email_subject)\r\n..."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1727333989",
"to_ids": false,
"type": "text",
"uuid": "9398237d-8030-4b4f-a41d-1eeeb9d18d37",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1727335622",
"uuid": "cd3abe6b-bbac-4eb7-8290-3ae767462087",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1727335622",
"to_ids": true,
"type": "sha256",
"uuid": "90a39801-529e-4415-afa1-2f5bc0cd9b06",
"value": "06f82a8d80ec911498e3493ebefa8ad45e102dd887ce2edc11f8f51bafab2e80"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1727335622",
"to_ids": true,
"type": "filename",
"uuid": "ab5984a2-4804-425c-9982-7644bd59a815",
"value": "sspicli.dll"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1727335644",
"uuid": "0d8a6a60-0cf9-4592-9981-cf0dcf7fa273",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1727335644",
"to_ids": true,
"type": "sha256",
"uuid": "d5fe5f38-6818-4ec4-9be9-59c4f1e11b5a",
"value": "ac3dff91982709f575cfbc6954b61130b4eeab5d3759772db220f1b76836be4d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1727335644",
"to_ids": true,
"type": "filename",
"uuid": "64caa0b4-fe31-4d9a-a209-230d3fde2518",
"value": "profapi.dll"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1727335659",
"uuid": "ab1cb60c-869c-448b-b31c-cb0b6b54de90",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1727335659",
"to_ids": true,
"type": "sha256",
"uuid": "66f9e689-f32f-4605-b26c-3b7f96c54129",
"value": "3dfb8d198de95090e2ad3ffc9d9846af5c3074563acb0ce5b0ef62b20e4bf432"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1727335659",
"to_ids": true,
"type": "filename",
"uuid": "cd9d8e20-5770-4db3-87db-0597e0862590",
"value": "profapis.dll"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1727335681",
"uuid": "dd46076c-51fb-4ca7-aa93-4a5b8e665b31",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1727335681",
"to_ids": true,
"type": "sha256",
"uuid": "b44d089f-54b1-4beb-878b-cb1c7b4eff78",
"value": "82e99ceea9e6d31555b0f2bf637318fd97e5609e3d4d1341aec39db2e26cf211"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1727335681",
"to_ids": true,
"type": "filename",
"uuid": "fb95d8fc-bb16-4d47-b4c7-bd9f50e8dbe2",
"value": "CRYPTSP.dll"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1727335796",
"uuid": "b5db5235-bbcb-4a19-861b-99949f6ab146",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1727335796",
"to_ids": true,
"type": "sha256",
"uuid": "3bb3d05f-8740-4385-a6be-c312efdfe46a",
"value": "b6ae5b714f18ca40a111498d0991e1e30cd95317b4904d2ef0d49937f0552000"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1727335796",
"to_ids": true,
"type": "filename",
"uuid": "ef589430-e820-44ad-80ba-578a70300538",
"value": "Outlook.eml"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1727335797",
"to_ids": true,
"type": "filename",
"uuid": "b053503e-0ba2-4f8b-a7c3-4db04a670b40",
"value": "NekroWire.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1727335797",
"to_ids": false,
"type": "text",
"uuid": "f8421398-cbad-42c3-a85d-b5fea98a2289",
"value": "Malicious"
}
]
},
{
"comment": "82e99ceea9e6d31555b0f2bf637318fd97e5609e3d4d1341aec39db2e26cf211: Enriched via the virustotal module",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1727335931",
"uuid": "2d46fb8b-889b-4619-8b36-92964fdd33ab",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1727335931",
"to_ids": true,
"type": "md5",
"uuid": "a12256ed-d0ca-41c8-8c65-db9206114881",
"value": "e2a32e7d772a9a4eeccee9c71ec3a6d4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1727335931",
"to_ids": true,
"type": "sha1",
"uuid": "6ae8f564-95d4-4c34-bbd1-4058b3de0d4d",
"value": "b53de85852479ea2a772bd3407b9e4d38eb1e1e7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1727335931",
"to_ids": true,
"type": "sha256",
"uuid": "60be2cfd-6e06-4b03-81be-21c45bcf05a4",
"value": "82e99ceea9e6d31555b0f2bf637318fd97e5609e3d4d1341aec39db2e26cf211"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "tlsh",
"timestamp": "1727335931",
"to_ids": true,
"type": "tlsh",
"uuid": "f8bb98f1-d8fd-4680-8885-8b4acd58acf1",
"value": "t117a56c12ba8a596dc05ac5b493478a326a3174ca0b36bbff05c481353e6abf51f3c75c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "vhash",
"timestamp": "1727335931",
"to_ids": true,
"type": "vhash",
"uuid": "ab0e00bf-cea6-4689-a4b8-3a99daab2ce7",
"value": "126056656d15655048z4a3z3oz166z1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1727335931",
"to_ids": true,
"type": "ssdeep",
"uuid": "abc460f8-cde6-4aef-b110-d0142846bc37",
"value": "24576:+9KZsFQmIHwObgHONiDkPpzfH6WH+D/NwR61FM/VIH06iy4aQn652XObZtiNUZ:+9KMJPOcuNbPpzfHjUI6vEIU6iVBVet"
}
]
},
{
"comment": "Mitigated SloppyLemming Workers Domains",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727336619",
"uuid": "7fe7decc-edea-4033-b601-25485885b827",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "3efb6d94-c644-4169-a2a7-e2bc0199836f",
"value": "mail-na-gov-pk.na-gov-pk.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "d83db16e-7ddc-408e-85da-ccdd19cc04fa",
"value": "storage-e13.sharepoint-e13.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "23ca8d5e-7246-4f3a-b634-32535d6a7e9f",
"value": "zoom.osutuga7.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "affeb68f-8489-4f67-9624-d06287d4a77b",
"value": "sharepoint-punjab.sharepoint-e13.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "69238d92-eb24-41be-9a53-32213691c9f3",
"value": "pitb.gov-pkgov.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "0c16957a-e970-4131-8284-1b20c5d7515b",
"value": "mail-islamabadpolice-gov-pk.ntc-telecommunication-safecity.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "177b9c81-53db-4cb2-a916-42cf412589b6",
"value": "herald-b2a.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "e0e66805-5358-457b-8b31-e67638b2915b",
"value": "images-11d.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "5aaa5a11-fcc3-4e15-92bf-de1aa712b0e5",
"value": "classifieds.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "a5005f78-4d12-4306-ba84-015c8c03ee96",
"value": "dawnnews.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "b99cbcb4-8940-422f-8e1c-bc71c07742a1",
"value": "aurora.dawn-904.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "64fb61a1-8bda-49a2-bb2b-81e83c1bad37",
"value": "epaper.dawn-323.workers.dev"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336619",
"to_ids": true,
"type": "hostname",
"uuid": "8a64cc6d-95e2-4c4a-8667-c5ff70791d22",
"value": "obituary.workers.dev"
}
]
},
{
"comment": "ac3dff91982709f575cfbc6954b61130b4eeab5d3759772db220f1b76836be4d: Enriched via the virustotal module",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1727336667",
"uuid": "91cc8a82-404c-49d9-83f3-7c5a4632ff19",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1727336667",
"to_ids": true,
"type": "md5",
"uuid": "babab746-8c56-44da-94db-56ae9c8b3de5",
"value": "fa40357daaa8ed8e73eeef25f0f478ac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1727336667",
"to_ids": true,
"type": "sha1",
"uuid": "98446bff-4bcb-4b46-aaf7-dc42d3128a4b",
"value": "bc490c61ce87efc0faf93dd4160219ef303e3e1d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1727336667",
"to_ids": true,
"type": "sha256",
"uuid": "a1a78a56-b49c-4a1e-87b2-0987ce0a7e07",
"value": "ac3dff91982709f575cfbc6954b61130b4eeab5d3759772db220f1b76836be4d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "tlsh",
"timestamp": "1727336667",
"to_ids": true,
"type": "tlsh",
"uuid": "43517647-d8d7-4bbd-812e-8da90917cc4e",
"value": "t1e3c3d0352ada05f0d8a9e73ce526a1394167b84d5be110f3c5846867e4c12efab70efc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "vhash",
"timestamp": "1727336668",
"to_ids": true,
"type": "vhash",
"uuid": "0f2117ad-c2e9-4350-b452-deee4026b77e",
"value": "115076655d751510151az11=z6c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1727336668",
"to_ids": true,
"type": "ssdeep",
"uuid": "c15785e0-a6fe-48ec-90f7-efbdcd97a949",
"value": "3072:mqF9393J1H09rwUyiwtn5V/aSbprpoQ/AxVYo:mqF939Z1HT9Ht5V/zKBx"
}
]
},
{
"comment": "C2 Address",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727336806",
"uuid": "bf3c1a08-3134-4626-b952-3fbf33204912",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336807",
"to_ids": true,
"type": "hostname",
"uuid": "247dff0a-783e-41cd-8603-5d3de2bcecf5",
"value": "pitb.gov-pkgov.workers.dev"
}
]
},
{
"comment": "C2 Address",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727336854",
"uuid": "b8c24219-c192-4e27-b331-e18520ba47ff",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727336854",
"to_ids": true,
"type": "hostname",
"uuid": "6b676c27-120c-4780-be72-f51664e2067e",
"value": "redzone.apl-org.online"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337057",
"uuid": "abfd3ace-3fab-4bcf-9c82-a470ac0618bb",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337057",
"to_ids": true,
"type": "hostname",
"uuid": "56ed24f1-9c13-4344-b1b1-fd18bf183b6d",
"value": "www.crec-bd.site"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337057",
"to_ids": true,
"type": "ip-dst",
"uuid": "ac3b8b19-ef62-460e-8392-6758738dd987",
"value": "47.83.23.246"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337094",
"uuid": "91707b81-1568-4b04-bd9c-d35be74d9472",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337094",
"to_ids": true,
"type": "domain",
"uuid": "ea1d4648-5010-4c2c-93bb-e785cef0f84f",
"value": "crec-bd.site"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337094",
"to_ids": true,
"type": "ip-dst",
"uuid": "f59c6a98-3633-4e37-a15f-d79c93eca112",
"value": "47.83.23.246"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337116",
"uuid": "3902fec8-2fce-4672-a281-b5ee6abe5960",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337116",
"to_ids": true,
"type": "domain",
"uuid": "81f46e47-5692-466e-b073-a72ab32eaaeb",
"value": "jammycanonicalupdates.cloud"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337116",
"to_ids": true,
"type": "ip-dst",
"uuid": "cc7f74a0-b06d-4b6f-b5a5-eb2f52078853",
"value": "159.65.6.251"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337132",
"uuid": "a15f5b75-f8df-40c5-af1f-131b35b45aea",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337132",
"to_ids": true,
"type": "hostname",
"uuid": "1f709330-1b8d-4200-a373-1560742bf6de",
"value": "locaal.navybd-gov.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337132",
"to_ids": true,
"type": "ip-dst",
"uuid": "81be247c-19ad-442e-91e6-997bb141bdf3",
"value": "139.59.109.136"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337163",
"uuid": "8d8a544b-7264-466d-9c63-7b999c9cc0c5",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337163",
"to_ids": true,
"type": "domain",
"uuid": "0b8a5e46-fe53-4c00-ab86-60b180480dfd",
"value": "maldevfudding.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337163",
"to_ids": true,
"type": "ip-dst",
"uuid": "60b0c8cb-8660-41a3-9256-0423be1c34e4",
"value": "37.27.41.167"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337191",
"uuid": "8f11e476-3bfc-4de1-a349-e9f4c524f665",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337191",
"to_ids": true,
"type": "hostname",
"uuid": "6823540b-8081-4b37-b501-c7c154ea3378",
"value": "openkm.paknavy-pk.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337191",
"to_ids": true,
"type": "ip-dst",
"uuid": "b18519d4-9330-4178-a5f5-f931beb6bcb5",
"value": "47.237.105.113"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337210",
"uuid": "9f901585-951c-4c4d-9a2a-e8a2447c8e18",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337210",
"to_ids": true,
"type": "hostname",
"uuid": "a285994b-f3d8-464d-bebe-a5023a8350e1",
"value": "cloud.adobefileshare.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337210",
"to_ids": true,
"type": "ip-dst",
"uuid": "f8d1196d-a777-48bf-a9de-f145976e721e",
"value": "185.249.198.218"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337226",
"uuid": "a1b62d00-9ad4-42fd-ae7f-a977313e842d",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337226",
"to_ids": true,
"type": "domain",
"uuid": "c7d52bb7-e113-44ef-b234-6c60d0f0b41f",
"value": "adobefileshare.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337226",
"to_ids": true,
"type": "ip-dst",
"uuid": "8bf4c3aa-35db-47cd-b73e-1ac58b995d65",
"value": "185.249.198.218"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337238",
"uuid": "abc7200c-1013-4504-b7b2-99de2cf25a33",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337238",
"to_ids": true,
"type": "domain",
"uuid": "16a6d662-8b5a-4699-8efd-1ce1efd3a466",
"value": "quran-books.store"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337238",
"to_ids": true,
"type": "ip-dst",
"uuid": "b717d3a6-45d4-45d6-bd33-fab4f9d3c1f1",
"value": "8.222.235.145"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337257",
"uuid": "5751dcfc-4995-45e0-9ccc-7b063436b334",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337257",
"to_ids": true,
"type": "domain",
"uuid": "737d2038-13cf-447c-8c65-1c766969fe5f",
"value": "aljazeerak.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337257",
"to_ids": true,
"type": "ip-dst",
"uuid": "2576748d-d0c5-445b-a553-823c8da591d6",
"value": "8.219.169.226"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337271",
"uuid": "8b1d459a-47d7-4360-a629-0b83a0dda16e",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337271",
"to_ids": true,
"type": "hostname",
"uuid": "f78a093e-5cfe-42f1-98b8-912b1a2b2741",
"value": "redzone2.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337271",
"to_ids": true,
"type": "ip-dst",
"uuid": "bee38d72-43ae-4b11-afa9-6fbccfd2c785",
"value": "47.237.20.135"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337289",
"uuid": "92d42dfb-3631-4847-b77f-ea4fef5112bb",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337289",
"to_ids": true,
"type": "hostname",
"uuid": "debab996-bf34-4d77-863e-7533291cd508",
"value": "hurr.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337289",
"to_ids": true,
"type": "ip-dst",
"uuid": "9e4a2552-a3a2-46e2-88e9-58374646f3e1",
"value": "47.237.20.135"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337306",
"uuid": "4457f5f1-4941-480b-9284-3d6947359e98",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337306",
"to_ids": true,
"type": "hostname",
"uuid": "46913416-10bb-4b16-96f4-a1097474a188",
"value": "login.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337306",
"to_ids": true,
"type": "ip-dst",
"uuid": "961c3bcb-fd5d-4225-94f1-a44c8b59c6f3",
"value": "47.245.56.29"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337319",
"uuid": "f9a34025-9fdb-4c50-95c2-2ec72a0dc444",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337319",
"to_ids": true,
"type": "domain",
"uuid": "9880d059-92e3-46b3-a213-44d54db9d645",
"value": "helpdesk-lab.site"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337319",
"to_ids": true,
"type": "ip-dst",
"uuid": "f6e5cb84-d40f-4c94-8606-bcb0c411891a",
"value": "47.237.20.201"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337333",
"uuid": "532a7f92-2cac-40b1-ac9f-5ecaac3f0dcd",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337333",
"to_ids": true,
"type": "hostname",
"uuid": "3cf86963-3619-485e-b092-5a34b909705b",
"value": "owa-spamcheck.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337333",
"to_ids": true,
"type": "ip-dst",
"uuid": "1b135e11-f627-4541-81f1-a3b6eb927f44",
"value": "47.237.25.198"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337346",
"uuid": "56ee3482-f293-410f-b2bb-7a3611a7261b",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337346",
"to_ids": true,
"type": "hostname",
"uuid": "313a9177-ab52-43a1-8f1e-9a3afc87b6c8",
"value": "redzone.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337346",
"to_ids": true,
"type": "ip-dst",
"uuid": "23434885-c657-40af-878d-56ce3afbbf3d",
"value": "47.245.2.77"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337368",
"uuid": "70e05653-0108-498c-84f6-cd71341b8a19",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337368",
"to_ids": true,
"type": "hostname",
"uuid": "0bb22dc6-d56b-4167-a816-40936c986e08",
"value": "dawn.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337368",
"to_ids": true,
"type": "ip-dst",
"uuid": "e66e5ef7-d5b0-4798-97d8-097fd9fee97f",
"value": "47.237.25.198"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337380",
"uuid": "d0365184-cc69-4bd6-a2f0-c56db5c541e3",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337380",
"to_ids": true,
"type": "domain",
"uuid": "fa32b31b-b64a-49ae-9865-b527249ac5cd",
"value": "hit-pk.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337380",
"to_ids": true,
"type": "ip-dst",
"uuid": "f94eabc7-abd5-43a2-b966-41c965cab4d2",
"value": "208.85.22.252"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337393",
"uuid": "d516eff7-0e15-4458-95ba-d14907200109",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337393",
"to_ids": true,
"type": "hostname",
"uuid": "e03b4cc4-173b-441f-b210-cc33008c1b9d",
"value": "blabla.apl-com.icu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337394",
"to_ids": true,
"type": "ip-dst",
"uuid": "4ee70012-7110-4361-833a-32f16c4a323f",
"value": "8.219.114.124"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337410",
"uuid": "38d9a1f2-7588-4db2-884e-a3ac2f95c7a0",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337410",
"to_ids": true,
"type": "hostname",
"uuid": "7868a06a-9d84-41c5-913e-94950ee58159",
"value": "acrobat.paknavy-pk.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337410",
"to_ids": true,
"type": "ip-dst",
"uuid": "2b5c4ccc-5bb8-4428-ab26-a1ff1b17a6df",
"value": "47.236.65.190"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337425",
"uuid": "09b4ca94-c810-45b3-84f5-fed3a13289ed",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337425",
"to_ids": true,
"type": "domain",
"uuid": "601f071a-74a9-43f5-b359-74b1dd07f8d6",
"value": "paknavy-pk.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337425",
"to_ids": true,
"type": "ip-dst",
"uuid": "ea5e1acc-849f-4302-8a03-e4484644b586",
"value": "47.236.65.190"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337484",
"uuid": "acfe32cc-6045-4de3-b57e-b397084ab7c2",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337484",
"to_ids": true,
"type": "hostname",
"uuid": "448662d2-e96c-40ed-aee1-33e82965f2a9",
"value": "mail.pakistangov.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337484",
"to_ids": true,
"type": "ip-dst",
"uuid": "79689d73-d098-4166-87d3-b236b91725f2",
"value": "47.245.114.11"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337500",
"uuid": "de120a14-3e07-464e-bd01-0031c22b324c",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337500",
"to_ids": true,
"type": "hostname",
"uuid": "ab64eb62-2730-41dd-b982-fb46fb52df7b",
"value": "mail.apl-com.icu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337500",
"to_ids": true,
"type": "ip-dst",
"uuid": "36e0f4c8-4b1d-4679-81e0-a97aca5d6014",
"value": "47.236.65.190"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337519",
"uuid": "d368f5a0-9368-40cc-ba4a-00db7b2a0310",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727337519",
"to_ids": true,
"type": "domain",
"uuid": "655ffb82-5366-4e8e-bd13-17effd557362",
"value": "168-gov.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337519",
"to_ids": true,
"type": "ip-dst",
"uuid": "7e43436d-67f1-4524-8383-e2c08a09a20c",
"value": "47.76.61.241"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337748",
"uuid": "36f77fcf-82fb-4ba3-98a8-985e19261a80",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337748",
"to_ids": true,
"type": "hostname",
"uuid": "5cfa679d-7e15-4577-ac30-c6d558dc8dc3",
"value": "www.168-gov.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337748",
"to_ids": true,
"type": "ip-dst",
"uuid": "8f42ad94-14d6-44be-b8f5-051801037715",
"value": "47.76.61.241"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337759",
"uuid": "3c5ffe47-81b7-4dc7-bb24-02f29a377cbe",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337759",
"to_ids": true,
"type": "hostname",
"uuid": "adaad927-26b2-48e2-afbe-54a70538ef5e",
"value": "browser.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337759",
"to_ids": true,
"type": "ip-dst",
"uuid": "e6946913-33a7-40f7-b9a4-64618578ff89",
"value": "149.28.153.250"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337774",
"uuid": "97c4669b-f884-4a7e-9ea2-2b11cfbe44b7",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337774",
"to_ids": true,
"type": "hostname",
"uuid": "b131f275-7c36-46c1-b1dc-76fabd2399a9",
"value": "docs.apl-com.icu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337774",
"to_ids": true,
"type": "ip-dst",
"uuid": "f868a3eb-49a6-4d3b-8029-0ce2bac825a9",
"value": "47.245.42.208"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337787",
"uuid": "05b0fa1f-beea-4229-8c61-d16f1e44acec",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337787",
"to_ids": true,
"type": "hostname",
"uuid": "46f59288-7a8d-4872-b2fc-8abe6170a662",
"value": "new.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337787",
"to_ids": true,
"type": "ip-dst",
"uuid": "a2a8c933-2a4b-4c12-85d6-d579322b75dc",
"value": "47.74.84.168"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337799",
"uuid": "5b00e211-33a4-446a-801b-a03fd7615faa",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337799",
"to_ids": true,
"type": "hostname",
"uuid": "0eedad33-889b-4bcc-be8f-05f58a51ad75",
"value": "mozilla.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337799",
"to_ids": true,
"type": "ip-dst",
"uuid": "00676a32-801a-46be-9bcc-58f5343b19cd",
"value": "47.74.87.155"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337830",
"uuid": "1059c0d5-a5ac-482b-b1c3-fefaa7c9b37e",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337830",
"to_ids": true,
"type": "hostname",
"uuid": "054c8803-8f2c-487f-9b3e-98fc5ca782f9",
"value": "mozilla.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337830",
"to_ids": true,
"type": "ip-dst",
"uuid": "baeb835e-fa85-4233-bb3f-6714879683d1",
"value": "47.74.87.155"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337858",
"uuid": "aa50f0d2-492e-4ae7-ba05-d0174ff33c01",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337858",
"to_ids": true,
"type": "hostname",
"uuid": "a37e4f14-bc9f-48cf-bfb6-800fe65263ad",
"value": "m.opensecurity-legacy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337858",
"to_ids": true,
"type": "ip-dst",
"uuid": "feac652f-f70f-4047-b51a-1f760312a221",
"value": "159.253.120.25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727337962",
"uuid": "03be3344-6af2-4c74-a514-91211818caa5",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727337962",
"to_ids": true,
"type": "hostname",
"uuid": "cb8b4192-10bf-4d6f-b7d5-9958ce018540",
"value": "monitor.opensecurity-legacy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727337962",
"to_ids": true,
"type": "ip-dst",
"uuid": "f8a4d392-5010-4bed-9755-4edfc081ad14",
"value": "159.253.120.25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338030",
"uuid": "3a5b0840-103a-4efc-b8ac-6a69c33e9722",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338030",
"to_ids": true,
"type": "hostname",
"uuid": "644091d2-4a96-4a5c-89ef-03bcba1f89a5",
"value": "sensors.opensecurity-legacy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338030",
"to_ids": true,
"type": "ip-dst",
"uuid": "fa7974af-8f8d-4f07-8194-dd717cffa679",
"value": "159.253.120.25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338048",
"uuid": "33b8a83a-1422-4a39-9d16-197aa7020530",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338048",
"to_ids": true,
"type": "hostname",
"uuid": "906c7dc8-fdef-4c92-9629-5cdf36bc49fa",
"value": "static.opensecurity-legacy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338048",
"to_ids": true,
"type": "ip-dst",
"uuid": "15508ac2-b35c-49fc-9a75-aef42caae4b9",
"value": "159.253.120.25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338063",
"uuid": "c0b9c9f4-076a-4abe-bd21-8637f2a30be0",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338063",
"to_ids": true,
"type": "hostname",
"uuid": "263dba00-641a-460c-a4ed-67f7486c6daa",
"value": "bin.opensecurity-legacy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338063",
"to_ids": true,
"type": "ip-dst",
"uuid": "fceab8a7-9be3-4f28-a53b-3409fba35673",
"value": "159.253.120.25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338089",
"uuid": "5b0332bb-3f98-4e42-bad8-f6e4bad60168",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338089",
"to_ids": true,
"type": "hostname",
"uuid": "bc0fe29a-2163-4567-aa61-e32e610f1623",
"value": "api.opensecurity-legacy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338089",
"to_ids": true,
"type": "ip-dst",
"uuid": "53714971-f17e-4952-949c-69afd764bc3f",
"value": "159.253.120.25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338132",
"uuid": "19dbb316-000c-49d9-8ae0-b82e942dd9eb",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338132",
"to_ids": true,
"type": "hostname",
"uuid": "24944b52-48b2-4854-ab42-5b1274021006",
"value": "frontend-m.opensecurity-legacy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338132",
"to_ids": true,
"type": "ip-dst",
"uuid": "94bd7ed2-210f-404a-8013-a03ed0c0e812",
"value": "159.253.120.25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338176",
"uuid": "4636b86a-d007-4ff4-93c4-4faefede1a16",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338176",
"to_ids": true,
"type": "hostname",
"uuid": "f299fee1-3339-427a-a6fa-be80a2dd4d22",
"value": "accounts.opensecurity-legacy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338176",
"to_ids": true,
"type": "ip-dst",
"uuid": "fd9391ff-48ff-4363-a23a-50b776a8acf2",
"value": "159.253.120.25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338199",
"uuid": "9a27cc52-1629-444b-ae13-152e833ae7ca",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727338199",
"to_ids": true,
"type": "domain",
"uuid": "88563c5a-df60-4a6a-b359-d388f213aabb",
"value": "opensecurity-legacy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338199",
"to_ids": true,
"type": "ip-dst",
"uuid": "cf326453-5ff0-4fde-bbf5-83a07bc7f6f0",
"value": "159.253.120.25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338238",
"uuid": "d9436e4c-0bde-441c-8f2f-d3e521412568",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338238",
"to_ids": true,
"type": "hostname",
"uuid": "fbc62be1-0923-4fbd-aa58-fad3c32e465c",
"value": "oil.hascolgov.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338238",
"to_ids": true,
"type": "ip-dst",
"uuid": "ebf38aef-9682-4acd-ab04-9cdf2a39a2ce",
"value": "207.148.73.145"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338269",
"uuid": "af1fe156-a05b-4c48-9793-313329983b03",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338269",
"to_ids": true,
"type": "hostname",
"uuid": "395513f6-fc2f-4f82-b0cf-de662c6ca9a7",
"value": "hesco.hascolgov.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338269",
"to_ids": true,
"type": "ip-dst",
"uuid": "95588918-0ad5-4d29-b276-13501689cf23",
"value": "207.148.73.145"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338284",
"uuid": "5fed89ec-8ec2-47df-999b-0c30ac680846",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338284",
"to_ids": true,
"type": "hostname",
"uuid": "324cccd2-3837-480e-a8a6-a59e888b4a6a",
"value": "locall.hascolgov.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338284",
"to_ids": true,
"type": "ip-dst",
"uuid": "8d2c8692-1500-4d50-88bf-b2ec922cceee",
"value": "207.148.73.145"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338303",
"uuid": "bfaa9ac7-eb53-497a-a8fa-47e416701a4c",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727338303",
"to_ids": true,
"type": "domain",
"uuid": "1143a155-93a7-447d-93ee-66dc78dec8f1",
"value": "itsupport-gov.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338303",
"to_ids": true,
"type": "ip-dst",
"uuid": "b952cb9e-6d57-4083-a7c8-5b787606e3fe",
"value": "47.254.229.56"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338327",
"uuid": "6e75e192-ec76-4cf4-863c-f2d103d1f6a9",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727338327",
"to_ids": true,
"type": "domain",
"uuid": "2bfe8fa6-7841-4dec-8b41-40dacf0f574b",
"value": "updpcn.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338327",
"to_ids": true,
"type": "ip-dst",
"uuid": "0d2643c0-6ecc-445c-bf2a-725455ef96c4",
"value": "47.76.181.76"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338352",
"uuid": "8e698eb8-7f70-40f8-bc2a-dc513c715e3c",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338352",
"to_ids": true,
"type": "hostname",
"uuid": "b6981167-4780-4d2b-9c74-09370ab6d97a",
"value": "update.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338352",
"to_ids": true,
"type": "ip-dst",
"uuid": "3301b114-cb04-4022-ba31-7c1219e12f5b",
"value": "47.74.84.168"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338367",
"uuid": "c99dbc3d-ad39-4970-819c-a3906d71e26e",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338367",
"to_ids": true,
"type": "hostname",
"uuid": "e4a01daf-049c-4b48-9292-3a7eb3e1cbef",
"value": "zero-berlin-covenant.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338368",
"to_ids": true,
"type": "ip-dst",
"uuid": "32cda848-e19e-402f-a4e2-da5915eaf6a7",
"value": "47.245.126.218"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338382",
"uuid": "ef9f34fe-6514-4b75-a9d2-cf3e85018279",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338382",
"to_ids": true,
"type": "hostname",
"uuid": "223aadab-beaa-4f78-ae6c-df98e30834ee",
"value": "fonts.apl-org.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338382",
"to_ids": true,
"type": "ip-dst",
"uuid": "e99ef9fe-42d4-4f23-aa10-2994ff4b711f",
"value": "47.74.87.155"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338401",
"uuid": "9940be2e-387f-4b7e-a392-2cb3ce952b50",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338401",
"to_ids": true,
"type": "hostname",
"uuid": "fcd4d20f-f963-4e2f-9d12-f04b8d7b23b5",
"value": "localhost.apl-com.icu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338401",
"to_ids": true,
"type": "ip-dst",
"uuid": "6d5261be-8978-419f-978b-f8fb7d737b12",
"value": "142.93.139.164"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338422",
"uuid": "505438c1-1e30-453f-8b46-1617950b91c8",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338422",
"to_ids": true,
"type": "hostname",
"uuid": "917f4803-5a07-47cb-8fd3-f19681276524",
"value": "cloud.cflayerprotection.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338422",
"to_ids": true,
"type": "ip-dst",
"uuid": "64fea8e9-501a-4947-88f0-43683c8a4818",
"value": "45.137.116.8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338446",
"uuid": "4b7cbbf2-8088-40b2-9181-181195768001",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338446",
"to_ids": true,
"type": "hostname",
"uuid": "eabe422c-34d9-49a8-b6df-163fc2c906c2",
"value": "secure.cflayerprotection.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338446",
"to_ids": true,
"type": "ip-dst",
"uuid": "42f40a53-aca7-493f-b248-9c416f4a128d",
"value": "45.137.116.8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338462",
"uuid": "01dfde1c-179a-45c3-8757-bdf6ef82bfc8",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727338462",
"to_ids": true,
"type": "domain",
"uuid": "63f39ecd-2278-411f-aebb-3c8eeffe0a8c",
"value": "cflayerprotection.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338462",
"to_ids": true,
"type": "ip-dst",
"uuid": "12cc6743-5988-41b2-925e-0ce547cc926d",
"value": "45.137.116.8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1727338478",
"uuid": "335a515c-1107-4304-b77f-d7ff1f1eb695",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338478",
"to_ids": true,
"type": "hostname",
"uuid": "f912ae70-93f6-4b62-ab18-626a4abaa05c",
"value": "data.cloudlflares.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338478",
"to_ids": true,
"type": "ip-dst",
"uuid": "f0347cd8-521c-40fa-8e47-94a7de1a4ccf",
"value": "45.137.116.8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1727338494",
"uuid": "e64162db-e8c6-4349-ba99-9f416dc53e56",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338494",
"to_ids": true,
"type": "hostname",
"uuid": "1435e5f5-38d3-4263-861d-36ad1fba3a69",
"value": "secure.cloudlflares.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1727338494",
"to_ids": true,
"type": "ip-dst",
"uuid": "1e8efab6-ffda-4252-8472-8199b5328d90",
"value": "45.137.116.8"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1727338494",
"to_ids": true,
"type": "domain",
"uuid": "1b0ba6cb-54f5-4189-b36b-5e69f6deb402",
"value": "cloudlflares.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1727338494",
"to_ids": true,
"type": "hostname",
"uuid": "6980cd6c-65e0-401c-accb-c42a0303f15a",
"value": "www.cloudlflares.com"
}
]
}
],
"EventReport": [
{
"name": "Report from - https://blog.cloudflare.com/unraveling-sloppylemming-operations/ (1727338512)",
"content": "# Unraveling SloppyLemming Operations Across South Asia\r\n\r\n2024\\-09\\-25\r\n\r\nCloudforce One is publishing the results of an investigation into an advanced actor that uses multiple cloud service providers to facilitate different aspects of their activities, such as credential harvesting, malware delivery and command and control (C2\\). This actor conducts extensive operations targeting Pakistan, Sri Lanka, Bangladesh, and China. Industries targeted include government, law enforcement, energy, telecommunications, and technology entities.\u00a0\r\n\r\n### Executive Summary\r\n\r\n* Between late 2022 to present, SloppyLemming has routinely used Cloudflare Workers likely as part of a broad espionage campaign targeting South and East Asian countries\r\n* SloppyLemming displays a lack of operational security (OPSEC) allowing Cloudforce One insight into its tooling\r\n* The actor primarily targets Pakistani government, defense, telecommunications, technology, and energy sector organizations; SloppyLemming also targets Bangladesh, Sri Lanka, Nepal, and China.\r\n\r\n## Who is SloppyLemming?\r\n\r\nSloppyLemming is the cryptonym given by Cloudforce One to this threat actor, which aligns with the adversary OUTRIDER TIGER tracked by CrowdStrike. The actor predominantly relies on open source adversary emulation frameworks, such as Cobalt Strike, Havoc, and others. Based on Cloudflare\u2019s visibility, the actor predominantly targets within Asia. Pakistan is a primary target for SloppyLemming; however, the actor also routinely targets Bangladesh, Indonesia, Sri Lanka, China, and Nepal. Targeted sectors predominantly consist of government entities within Pakistan.\r\n\r\n## SloppyLemming Phishing Activity Focuses on Credential, Token Collection\r\n\r\nSloppyLemming extensively uses credential harvesting as a means to gain access to targeted email accounts within organizations that provide intelligence value to the actor. Throughout our research, Cloudforce One has been able to replicate the actor\u2019s credential harvesting chain. Through our unique visibility, we have also obtained actor\\-side tools that help facilitate the creation of malicious Workers used in credential harvesting operations, and a utility to collect emails from compromised accounts.\r\n\r\n### SloppyLemming Credential Harvesting Overview\r\n\r\nFirst, SloppyLemming operators will craft a phishing email that is likely tailor\\-made for the target to ensure a higher degree of success in the user clicking a malicious link. An example draft phishing email obtained by Cloudforce One can be found below:\r\n\r\n\r\n\r\n```\r\nDear [Officer\u2019s Name],\r\n\r\nAs part of our ongoing efforts to enhance the security of our internal systems, we are rolling out a mandatory update to our secure access protocols. All personnel are required to complete this update within the next 24 hours to ensure continued access to department resources.\r\n\r\nPlease log in to the police department\u2019s IT portal using the link below to initiate the update process:\r\n\r\n[Fake IT Portal Link]\r\n\r\nFailure to complete this update will result in the temporary suspension of your account access.\r\n\r\nThank you for your cooperation.\r\n\r\nBest regards,\r\nIT Department\r\n[Police Department\u2019s Name]\r\n```\r\n\r\nNext, the actor uses a custom\\-built tool named CloudPhish to create a malicious Cloudflare Worker to handle the credential logging logic and exfiltration of victim credentials to the threat actor. CloudPhish works in the following manner:\r\n\r\n1. Operator inputs the following parameters:\r\n\r\n\r\n\t1. \u201cMission\u201d name (Generally, the target of the operation)\r\n\t2. Target URL\r\n\t3. Discord Webhook URL\r\n\t4. Redirect URL\r\n\t5. Cloudflare URL\r\n2. Scrapes targeted webmail login HTML content\r\n\r\n\r\n\t1. Checks if it's a supported mail client (i.e. Zimbra, Axigen, or cPanel)\r\n\t2. Replaces legi
"id": "761",
"event_id": "258718",
"timestamp": "1727338810",
"uuid": "0fc58862-2f2b-441f-aa78-855d230edd28",
"deleted": false
}
]
}
}